kwa*_*gjj 1 ssh port-forwarding
这是我从有关端口转发的问题中得到的答案,但我不确定这意味着什么..
$ ssh lab_desktop -L 2200:lab_server:22 -vvv
我的疯狂猜测:
首先连接到lab_desktop,然后再次登录lab_server(端口22),从此连接接收到的数据将转发到lab_desktop,端口2200。
我的猜测对吗??
但我仍然不明白'-vvv'是什么意思......
应用答案后更新:
同意小溪的有用回答和评论,我尽我所能让小溪的回答有效
再次,让我清楚术语
mypc - 负责打字的那个
lab_desktop - ssh 服务器
lab_server- 我想与之交流的最终目的地。此服务器将只允许从 连接lab_desktop。还有一件事:它只允许通过端口 122 进行连接。
好的,因为登录lab_desktop并lab_server需要用户名和密码,我只是为mypc--lab_desktop 和lab_desktop--进行了 rsa 身份验证,lab_server这样我就不会遇到一直输入密码的麻烦,只是为了排除输入密码的可能性ssh 命令比较复杂。
之后我使用了命令:
ssh Black@lab_desktop -v -L 2200:lab_server:122
下面是输出
chulhyun@chulhyun-Inspiron-3420:~/.ssh$ ssh Black@$labcom -v -L 2200:143.248.146.204:122
OpenSSH_5.9p1 Debian-5ubuntu1.4, OpenSSL 1.0.1 14 Mar 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug1: Connecting to 143.248.143.198 [143.248.143.198] port 22.
debug1: Connection established.
debug1: identity file /home/chulhyun/.ssh/id_rsa type -1
debug1: identity file /home/chulhyun/.ssh/id_rsa-cert type -1
debug1: identity file /home/chulhyun/.ssh/id_dsa type -1
debug1: identity file /home/chulhyun/.ssh/id_dsa-cert type -1
debug1: identity file /home/chulhyun/.ssh/id_ecdsa type -1
debug1: identity file /home/chulhyun/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.6.1
debug1: match: OpenSSH_6.6.1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.4
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 79:64:5d:e7:ac:78:b7:52:3d:9a:6a:3b:c1:37:a0:2d
debug1: Host '143.248.143.198' is known and matches the ECDSA host key.
debug1: Found key in /home/chulhyun/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/chulhyun/.ssh/id_rsa
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 143.248.143.198 ([143.248.143.198]:22).
debug1: Local connections to LOCALHOST:2200 forwarded to remote address 143.248.146.204:122
debug1: Local forwarding listening on ::1 port 2200.
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 2200.
debug1: channel 1: new [port listener]
debug1: channel 2: new [client-session]
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = ko_KR.UTF-8
Last login: Tue Jun 24 16:47:27 2014 from 143.248.244.12
Black@Black-PC ~
$
它很长,但我想我唯一应该看的就是这些行:
debug1: Local connections to LOCALHOST:2200 forwarded to remote address 143.248.146.204:122
debug1: Local forwarding listening on ::1 port 2200.
当我使用我的 netstat 来查看这是否为 true( netstat -tulpn | grep 2200) 时,输出是:
root@chulhyun-Inspiron-3420:/etc/ssh# netstat -tulpn | grep 2200
tcp 0 0 127.0.0.1:2200 0.0.0.0:* LISTEN 14966/ssh
tcp6 0 0 ::1:2200 :::* LISTEN 14966/ssh
所以我想 ssh 跳跃毕竟建立了..
现在的问题是当我尝试在mypc. 正如 Creek 建议的那样,我需要利用这个端口,所以我尝试使用我的 root 帐户和用户帐户登录,但结果是由于密码而失败。
chulhyun@chulhyun-Inspiron-3420:~$ su
password:
root@chulhyun-Inspiron-3420:/home/chulhyun# ssh root@localhost -p 2200
root@localhost's password:
Permission denied, please try again.
root@localhost's password:
root@chulhyun-Inspiron-3420:/home/chulhyun# exit
exit
chulhyun@chulhyun-Inspiron-3420:~$ ssh chulhyun@localhost -p 2200
chulhyun@localhost's password:
Permission denied, please try again.
我确信密码是正确的。但我不明白为什么它不起作用......
我到了这一点。你能帮助我们更进一步吗?
更新
我面临的新问题在以下位置进行了讨论和解决:Linux 在 ssh'ing 时无法识别正确的密码?
ssh lab_desktop -L 2200:lab_server:22 -vvv
ssh lab_desktop- 创建一个 ssh 连接到lab_desktopas$USER-L 2200:lab_server:22- 使用连接到lab_desktop,将本地机器上的端口 2200 转发到端口 22lab_server-vvv - 启用最大详细级别 此命令将在您的本地计算机上的端口 2200 上打开一个套接字,然后使用 SSH 隧道,发送到本地主机上的端口 2200 的所有流量将被转发到 lab_server 上的端口 22。
要使用转发的端口并建立到 lab_server 的 SSH 连接,您需要启动第二个连接,连接到本地主机上的本地端口:
ssh user@localhost -p 2200